This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it?

I'm not sure if this is the right place to post this, but my buddy needs help executing a DNS Cache Poisoning attack on his employer's nameservers. Don't mistake this for a malicious attack! After scanning their DNS and finding that it's open to the internet as well as vulnerable to DNS Cache Poisoning and telling them, they said it wasn't a big problem. So he wants to prove that it is. I've been reading some papers on it and I understand the general concept, just not the execution. My buddy tried writing an attack in Python, but he said it was too slow? Does that sound accurate?